Access to data source via proxy

ABSTRACT

In accordance with an example embodiment of the present invention, there is provided an apparatus, comprising at least one processor configured to execute a computer executable program stored in a memory comprised in the apparatus, wherein the computer executable program thereby causes the apparatus to at least open a first connection to a data source device, open a second connection to a proxy device, the second connection employing a first protocol and a cross origin resource sharing context, and receive from the proxy device information of the data source device.

TECHNICAL FIELD

The present application relates generally to connectivity betweenobjects using communication protocols.

BACKGROUND

Communication-enabled devices may exchange messages using variousprotocols. For example, a desktop or laptop computer may access theInternet using hypertext transport protocol, HTTP, run over internetprotocol, IP. An end station, such as a computer or a smartphone, forexample, may receive real time media content over real time transport,RTP, protocol. Protocols may be employed as a protocol stack whichcomprises protocols with distinct features used together. When a datastream encoded using a protocol stack is transmitted in a network, apayload portion of a first protocol data unit may comprise a protocoldata unit of a second protocol, the payload portion of the protocol dataunit of the second protocol in turn comprising a protocol data unit of athird protocol.

The constrained application protocol, CoAP, is a software protocol thatmay be employed in communication involving as at least one party a nodewith limited resources, such as power, processing capability or memory.CoAP allows for interactive communication with such nodes to enable themto interact with further nodes via network connections.

Networks employing CoAP may include sensor networks, for example,wherein sensor nodes may be simple, resource-constrained devices enabledto perform measurements of physical properties, or capture media such assound. In a sensor network the sensor nodes may periodically providemeasurement results they have produced, or they may be configured toprovide a measurement result to a querying node responsive to a request.Such a request may be conveyed using CoAP, for example.

In networking a same-origin policy is a security concept that may beemployed in browser-side programming languages, such as javascript. Thepolicy permits executable elements originating from a network site touse each other's resources and parts. The policy may be configured torestrict use of resources and/or parts of executable elementsoriginating from a different site.

SUMMARY

Various aspects of examples of the invention are set out in the claims.

According to a first aspect of the present invention, there is providedan apparatus, comprising at least one processor configured to execute acomputer executable program stored in a memory comprised in theapparatus, wherein the computer executable program thereby causes theapparatus to at least open a first connection to a data source device,open a second connection to a proxy device, the second connectionemploying a first protocol and a cross origin resource sharing context,and receive from the proxy device information of the data source device.

According to a second aspect of the present invention, there is provideda method, comprising causing opening of a first connection to a datasource device, causing opening of a second connection to a proxy device,the second connection employing a first protocol and a cross originresource sharing context, and receiving from the proxy deviceinformation of the data source device

According to a third aspect of the present invention, there is providedan apparatus, comprising at least one processor, at least one memoryincluding computer program code the at least one memory and the computerprogram code configured to, with the at least one processor, cause theapparatus to at least receive a first message from a data source device,and receive a second message from a node, the second message comprisingan indication of a source of a computer executable program running inthe node.

According to a fourth aspect of the present invention, there is provideda method, comprising receiving a first message from a data sourcedevice, and receiving a second message from a node, the second messagecomprising an indication of a source of a computer executable programrunning in the node.

According to further aspects of the present invention, there areprovided computer programs configured to cause methods in accordancewith the second and fourth aspects to be performed.

BRIEF DESCRIPTION OF THE DRAWINGS

For a more complete understanding of example embodiments of the presentinvention, reference is now made to the following descriptions taken inconnection with the accompanying drawings in which:

FIG. 1A illustrates a first example system capable of supporting atleast some embodiments of the invention.

FIG. 1B illustrates a second example system capable of supporting atleast some embodiments of the invention;

FIG. 2 illustrates a block diagram of an apparatus in accordance with anexample embodiment of the invention;

FIG. 3 is a first flowgraph illustrating phases of an example method inaccordance with at least some embodiments of the invention; and

FIG. 4 is a second flowgraph illustrating phases of an example method inaccordance with at least some embodiments of the invention.

DETAILED DESCRIPTION OF THE DRAWINGS

In networking involving resource-constrained nodes, the inventedcommunication method may enable proxying content from smart objects in aflexible way that doesn't violate a same origin security policy.Executable code may be received from a network, for example to abrowser, to access and proxy the content in a secured way. An example isa trusted web application which can access resource-constrainedperipheral devices via a proxy device to locally proxy the content.

FIG. 1A illustrates a first example system capable of supporting atleast some embodiments of the invention. Illustrated in FIG. 1A isbrowser 110, which may comprise, for example, a web browser such as aHTTP browser operating on a computing device, such as a personalcomputer, smartphone or tablet device. Network site 120 may comprise,for example, a world wide web, WWW, site accessible to browser 110.Smart device 130 may comprise, for example, a sensor such as a sensorthat is capable of measuring a physical property such as temperature,moisture, presence of smoke, humidity, speed or noise level. A sensormay comprise alternatively an actuator, such as a window opener, or acamera device, for example. Proxy device 140 may comprise, for example,a HTTP/CoAP proxy. Proxy device 140 may be disposed in a networklocation such as the Internet, or in a home network, for example. Insome embodiments, smart device 130 and proxy device 140 are located inthe same home environment but in other embodiments this is not the case.

Browser 110 may interface toward network site 120 via a wire-line or atleast in part wireless interface. When browser 110 is run on a devicewith cellular connectivity, the interface from browser 110 to networksite 120 may comprise, in part, a cellular interface such as a long termevolution, LTE, or wideband code division multiple access, WCDMA,interface, for example. Browser 110 may interface toward smart device130 via an interface which may comprise, for example, a near-fieldcommunication, NFC, interface, a wireless local area network, WLAN,interface, or a low-power radio interface such as Bluetooth, forexample. Browser 110 may use an interface comprised in a device runningbrowser 110. Smart device 130 may interface toward proxy device 140 viaa wired or at least in part wireless interface, such as Ethernet, WLAN,a cellular interface or Bluetooth, for example. Browser 110 mayinterface toward proxy device 140 via a wired or at least in partwireless interface. In some embodiments, browser 110, smart device 130and proxy device 140 are comprised in the same local-area network,wherein the local-area network may comprise a WLAN network.

The numbered arrows in FIG. 1A illustrate signaling. Arrow 1 denotesbrowser 110 contacting network site 120 to request information, forexample to request a web page. Arrow 2 denotes network site 120responsively providing at least the requested information, for examplethe web page. The provided information may comprise a computerexecutable program, such as for example a script program or anexecutable file. The program may be configured to act toward smartdevice 130 to mirror or cache data contained therein, to allow smartdevice 130 to be in a sleep or energy-saving mode for longer periods oftime uninterrupted, for example.

To enable such caching, browser 110 may contact smart device 130 andprovide a credential of itself, or at least an identity or address ofitself, to smart device 130. This is illustrated in FIG. 1A as arrow 3.Browser 110 may provide an address of proxy device 140 to smart device130 over the interface interconnecting browser 110 and smart device 130.In some embodiments, browser 110 is configured to obtain at least one ofan address and an identity of proxy device 140 from smart device 130, incase smart device 130 is configured with at least one of an address andidentity of proxy device 140. As a result of the interaction illustratedby arrow 3, a trust relationship may be established between browser 110and smart device 130. Arrow 3, while illustrated as one-way, maycomprise two-way communication between browser 110 and smart device 130.

In a communication illustrated by arrow 4, browser 110 may request proxydevice 140 to proxy content from smart device 130, for example inbrowser 110. In the communication illustrated by arrow 4, browser 110may indicate network site 120 as an origin of the computer executableprogram. In this communication, browser 110 may employ cross-originresource sharing, CORS. In this communication, browser 110 may providecredentials of at least one of itself and smart object 130. A credentialof browser 110 may in this aspect comprise, for example, a credential ofa device running browser 110, or a credential of the computer executableprogram obtained in browser 110 in the phase illustrated by arrow 2.Thus, proxy device 140 is enabled to decide whether to accept acommunication from network site 120 despite the fact that thecommunication illustrated as arrow 3 physically originates from browser110. Browser 110 may be configured to prevent computer executableprograms from network site 120 from accessing proxy device 140 unlessnetwork site 120 is indicated as the origin. Credentials provided bybrowser 110 may enable proxy device 140 to decide to co-operate withbrowsers 110 only if they've been in contact with smart device 130previously.

In a communication illustrated as arrow 5, smart device 130 may send toproxy device 140 a message, such as for example a CoAP message, toregister itself to proxy device 140. In this communication, smart device130 may provide credentials of at least one of itself and browser 110. Acredential of browser 110 may in this aspect comprise, for example, acredential of a device running browser 110, or a credential of thecomputer executable program obtained in browser 110 in the phaseillustrated by arrow 2. The chronological order of the communicationsillustrated by arrows 4 and 5 may vary depending on the embodiment.

In a communication illustrated as arrow 6, proxy device 140 may forwardthe message received in proxy device 140 from smart device 130 tobrowser 110 to initiate content proxying. The message may be forwardedin a different form, for example if the message from smart device 130was a CoAP message, such as for example a CoAP PUT, GET, POST or DELETE,proxy device 140 may translate it into HTTP format before forwarding itto browser 110. Proxy device 140 in effect establishes a web storagerelationship, which may be either local or session storage. A sessionstorage may comprise that data is stored for a duration of a browsertab, wherein when the browser tab is closed, the data stored in thesession storage is deleted. Browser 110 may store each received contentitem of smart device 130 in browser 110, for example as a name/valuepair. In this sense, nodes on the Internet, for example, may obtainaccess to content items of smart device 130 by requesting them frombrowser 110. Alternatively or additionally, other applications runningin browser 110, or in a device running browser 110, may access thecontent items of smart device 130. In some embodiments, multiplebrowsers 110 running on multiple nodes may access the content items ofsmart device 130 from proxy device 140. In general, browser 110 may bedirected by the computer executable program obtained in the phaseillustrated by arrow 2 to perform its part in actions illustrated byarrows 3, 4 and 6. In general, browser 110 may perform a similarsequence with respect to more than one smart device, to proxy at leastpartly content from each.

FIG. 1B illustrates a second example system capable of supporting atleast some embodiments of the invention. The functioning of the systemof FIG. 1B is similar to that of the system of FIG. 1A. In detail,mobile 110 or FIG. 1B may run browser 110 of FIG. 1A. Running in thiscontext may comprise that executable code of the browser is stored in amemory of mobile 110, and a processor of mobile 110 is executing theexecutable code of the browser. Likewise sensor unit 150 of FIG. 1B mayfunction as smart device 130 of FIG. 1A, and proxy 160 of FIG. 1B mayfunction as proxy device 140 of FIG. 1A. In the embodiment of FIG. 1B,mobile 110 may be connected, for example continuously connected, to theInternet via wireless link 115, base station 120, connection 121, corenetwork node 130, connection 131 and gateway 140. Mobile 110 maycommunicate with sensor unit 150 via Bluetooth, for example, and withproxy 160 via WLAN or via a wire-line connection, for example.Connection 151 between sensor unit 150 and proxy 160 may be a wire-lineconnection, or alternatively at least in part a wireless connection. Thesystem of FIG. 1B is illustrative of only one example system, to whichthe invention is not restricted to.

In general there is provided a first apparatus, such as for example anapparatus capable of running browser 110. The first apparatus may beconfigured, by a computer executable program stored in a memorycomprised in the apparatus, to at least open a first connection to adata source device, open a second connection to a proxy device, thesecond connection employing a first protocol and a cross origin resourcesharing context, and to receive from the proxy device information of thedata source device. The data source device may comprise, for example, adevice such as smart device 130 of FIG. 1A or sensor unit 150 of FIG.1B. The first connection may be arranged to establish a trustrelationship between a browser and the data source device. Establishinga trust relationship may comprise transmitting and/or receiving at leastone credential. The first apparatus may be configured to transmit and/orreceive at least one credential over the second connection. The at leastone credential communicated over the second connection may comprise atleast one of a credential of the first apparatus and a credential of abrowser running on the first apparatus. Information of the data sourcedevice may comprise measurement data or status information, for example.

In some embodiments, the first apparatus is further caused to receiveinformation comprising the computer executable program. The computerexecutable program may comprise, at least in part, an executable scriptembedded in a web page the first apparatus is enabled to access. In someembodiments, the first protocol comprises a hypertext transportprotocol, such as HTTP. Examples of executable script types includejavascript, jscript, Ejscript, ActionScript, ECMAscript and Jscript.NET.

In some embodiments, the first connection comprises at least one of aNFC, WLAN and low-power radio connection. A low-power radio connectionmay comprise a Bluetooth or Bluetooth low energy connection, forexample.

In some embodiments, the first apparatus is caused to indicate over thesecond connection an address of the web page. The address of the webpage may be indicated as an origin of a computer executable programexecuted by the first apparatus.

In general there is provided a second apparatus, such as for example aproxy device 140. The second apparatus comprises at least one processor,at least one memory including computer program code, the at least onememory and the computer program being code configured to, with the atleast one processor, cause the apparatus to at least receive a firstmessage from a data source device. The first message may comprise aregistration of the data source device, or more generally the firstmessage may be configured to cause the second apparatus to initialize astate for the data source device in the second apparatus. The secondapparatus may also be caused to receive a second message from a node,the second message comprising an indication of a source of a computerexecutable program running in the node. The indication of the source ofthe computer executable program may comprise an indication of source ofthe second message. The first message may comprise a request to startmirroring data of the data source device. The first message may enablethe second apparatus to associate the data source device with a node.

In some embodiments, the first message comprises a constrainedapplication protocol, CoAP, registration request. The first message maycomprise a credential of the data source device and/or a credential of aweb application, such as for example an application transmitting thesecond message. Thus a web application may comprise an executablescript, such as a javascript program, as described above.

In some embodiments, the second message may use a cross origin resourcesharing mechanism. The second message may comprise a credential of atleast one of a web application running on the node, the node and thedata source device. In case the second apparatus receives a credentialof the web application from both the first message and the secondmessage, and the credentials from the first and second messages do notmatch, the second apparatus may be configured to refuse to provide dataof the data source device to the node. Likewise if credentials of thenode from the first and second messages do not match, the secondapparatus may be configured to refuse to provide data of the data sourcedevice to the node.

In some embodiments, the second apparatus is further caused to assignstorage space for resource data of the data source device. In someembodiments, this comprises requesting storage space to be assigned inthe node.

FIG. 3 is a first flowgraph illustrating phases of an example method inaccordance with at least some embodiments of the invention. The phasesof the illustrated method may be performed in browser 110, for example.The phases of the illustrated method may be caused to be performed by ascript program running in browser 110, for example. Phase 310 comprisescausing opening of a first connection to a data source device. Phase 320comprises causing opening of a second connection to a proxy device, thesecond connection employing a first protocol and a cross origin resourcesharing context. Finally phase 330 comprises receiving from the proxydevice information of the data source device.

FIG. 4 is a second flowgraph illustrating phases of an example method inaccordance with at least some embodiments of the invention. The phasesof the illustrated method may be performed in proxy device 140, forexample. Phase 410 comprises receiving a first message from a datasource device. Phase 420 comprises receiving a second message from anode, the second message comprising an indication of a source of acomputer executable program running in the node

FIG. 2 illustrates a block diagram of an apparatus 10 such as, forexample, a mobile terminal, in accordance with an example embodiment ofthe invention. The illustrated mobile terminal may be arranged to runbrowser 110, for example. While several features of the apparatus areillustrated and will be hereinafter described for purposes of example,other types of electronic devices, such as mobile telephones, mobilecomputers, portable digital assistants, PDAs, pagers, laptop computers,desktop computers, gaming devices, televisions, routers, home gateways,and other types of electronic systems, may employ various embodiments ofthe invention.

As shown, the mobile terminal 10 may include at least one antenna 12 incommunication with a transmitter 14 and a receiver 16. Alternativelytransmit and receive antennas may be separate. The mobile terminal 10may also include a processor 20 configured to provide signals to andreceive signals from the transmitter and receiver, respectively, and tocontrol the functioning of the apparatus. Processor 20 may be configuredto control the functioning of the transmitter and receiver by effectingcontrol signaling via electrical leads to the transmitter and receiver.Likewise processor 20 may be configured to control other elements ofapparatus 10 by effecting control signaling via electrical leadsconnecting processor 20 to the other elements, such as for example adisplay or a memory. The processor 20 may, for example, be embodied asvarious means including circuitry, at least one processing core, one ormore microprocessors with accompanying digital signal processor(s), oneor more processor(s) without an accompanying digital signal processor,one or more coprocessors, one or more multi-core processors, one or morecontrollers, processing circuitry, one or more computers, various otherprocessing elements including integrated circuits such as, for example,an application specific integrated circuit, ASIC, or field programmablegate array, FPGA, or some combination thereof. A processor comprisingexactly one processing core may be referred to as a single-coreprocessor, while a processor comprising more than one processing coremay be referred to as a multi-core processor. Accordingly, althoughillustrated in FIG. 2 as a single processor, in some embodiments theprocessor 20 comprises a plurality of processors or processing cores.Signals sent and received by the processor 20 may include signalinginformation in accordance with an air interface standard of anapplicable cellular system, and/or any number of different wireline orwireless networking techniques, comprising but not limited to Wi-Fi,wireless local access network, WLAN, techniques such as Institute ofElectrical and Electronics Engineers, IEEE, 802.11, 802.16, and/or thelike. In addition, these signals may include speech data, user generateddata, user requested data, and/or the like. In this regard, theapparatus may be capable of operating with one or more air interfacestandards, communication protocols, modulation types, access types,and/or the like. More particularly, the apparatus may be capable ofoperating in accordance with various first generation, 1G, secondgeneration, 2G, 2.5G, third-generation, 3G, communication protocols,fourth-generation, 4G, communication protocols, Internet ProtocolMultimedia Subsystem, IMS, communication protocols, for example, sessioninitiation protocol, SIP, and/or the like. For example, the apparatusmay be capable of operating in accordance with 2G wireless communicationprotocols IS-136, Time Division Multiple Access TDMA, Global System forMobile communications, GSM, IS-95, Code Division Multiple Access, CDMA,and/or the like. Also, for example, the mobile terminal may be capableof operating in accordance with 2.5G wireless communication protocolsGeneral Packet Radio Service. GPRS, Enhanced Data GSM Environment, EDGE,and/or the like. Further, for example, the apparatus may be capable ofoperating in accordance with 3G wireless communication protocols such asUniversal Mobile Telecommunications System, UMTS, Code Division MultipleAccess 2000, CDMA2000, Wideband Code Division Multiple Access, WCDMA,Time Division-Synchronous Code Division Multiple Access, TD-SCDMA,and/or the like. The apparatus may be additionally capable of operatingin accordance with 3.9G wireless communication protocols such as LongTerm Evolution, LTE, or Evolved Universal Terrestrial Radio AccessNetwork, E-UTRAN, and/or the like. Additionally, for example, theapparatus may be capable of operating in accordance withfourth-generation, 4G, wireless communication protocols such as LTEAdvanced and/or the like as well as similar wireless communicationprotocols that may be developed in the future.

Some Narrow-band Advanced Mobile Phone System, NAMPS, as well as TotalAccess Communication System, TACS, mobile terminal apparatuses may alsobenefit from embodiments of this invention, as should dual or highermode phone apparatuses, for example, digital/analogue orTDMA/CDMA/analogue phones.

Additionally, apparatus 10 may be capable of operating according toWi-Fi or Worldwide Interoperability for Microwave Access, WiMAX,protocols.

It is understood that the processor 20 may comprise circuitry forimplementing audio/video and logic functions of apparatus 10. Forexample, the processor 20 may comprise a digital signal processordevice, a microprocessor device, an analogue-to-digital converter, adigital-to-analogue converter, and/or the like. Control and signalprocessing functions of the mobile terminal may be allocated betweenthese devices according to their respective capabilities. The processormay additionally comprise an internal voice coder, VC, 20 a, an internaldata modem, DM, 20 b, and/or the like. Further, the processor maycomprise functionality to operate one or more software programs, whichmay be stored in memory. In general, processor 20 and stored softwareinstructions may be configured to cause apparatus 10 to perform actions.For example, processor 20 may be capable of operating a connectivityprogram, such as a web browser. The connectivity program may allow themobile terminal 10 to transmit and receive web content, such aslocation-based content, according to a protocol, such as wirelessapplication protocol, WAP, hypertext transfer protocol, HTTP, and/or thelike

Apparatus 10 may also comprise a user interface including, for example,an earphone or speaker 24, a ringer 22, a microphone 26, a display 28, auser input interface, and/or the like, which may be operationallycoupled to the processor 20. In this regard, the processor 20 maycomprise user interface circuitry configured to control at least somefunctions of one or more elements of the user interface, such as, forexample, the speaker 24, the ringer 22, the microphone 26, the display28, and/or the like. The processor 20 and/or user interface circuitrycomprising the processor 20 may be configured to control one or morefunctions of one or more elements of the user interface through computerprogram instructions, for example, software and/or firmware, stored on amemory accessible to the processor 20, for example, volatile memory 40,non-volatile memory 42, and/or the like. Although not shown, theapparatus may comprise a battery for powering various circuits relatedto the mobile terminal, for example, a circuit to provide mechanicalvibration as a detectable output. The user input interface may comprisedevices allowing the apparatus to receive data, such as a keypad 30, atouch display, which is not shown, a joystick, which is not shown,and/or at least one other input device. In embodiments including akeypad, the keypad may comprise numeric 0-9 and related keys, and/orother keys for operating the apparatus.

As shown in FIG. 2, apparatus 10 may also include one or more means forsharing and/or obtaining data. For example, the apparatus may comprise ashort-range radio frequency, RF, transceiver and/or interrogator 64 sodata may be shared with and/or obtained from electronic devices inaccordance with RF techniques. The apparatus may comprise othershort-range transceivers, such as, for example, an infrared, IR,transceiver 66, a Bluetooth™′ BT, transceiver 68 operating usingBluetooth™ brand wireless technology developed by the Bluetooth™ SpecialInterest Group, a wireless universal serial bus, USB, transceiver 70and/or the like. The Bluetooth™ transceiver 68 may be capable ofoperating according to low power or ultra-low power Bluetooth™technology, for example, Wibree™, radio standards. In this regard, theapparatus 10 and, in particular, the short-range transceiver may becapable of transmitting data to and/or receiving data from electronicdevices within a proximity of the apparatus, such as within 10 meters,for example. Although not shown, the apparatus may be capable oftransmitting and/or receiving data from electronic devices according tovarious wireless networking techniques, including 6LoWpan, Wi-Fi, Wi-Filow power, WLAN techniques such as IEEE 802.11 techniques, IEEE 802.15techniques, IEEE 802.16 techniques, and/or the like.

The apparatus 10 may comprise memory, such as a subscriber identitymodule, SIM, 38, a removable user identity module, R-UIM, and/or thelike, which may store information elements related to a mobilesubscriber. In addition to the SIM, the apparatus may comprise otherremovable and/or fixed memory. The apparatus 10 may include volatilememory 40 and/or non-volatile memory 42. For example, volatile memory 40may include Random Access Memory, RAM, including dynamic and/or staticRAM, on-chip or off-chip cache memory, and/or the like. Non-volatilememory 42, which may be embedded and/or removable, may include, forexample, read-only memory, flash memory, magnetic storage devices, forexample, hard disks, floppy disk drives, magnetic tape, etc., opticaldisc drives and/or media, non-volatile random access memory, NVRAM,and/or the like. Like volatile memory 40, non-volatile memory 42 mayinclude a cache area for temporary storage of data. At least part of thevolatile and/or non-volatile memory may be embedded in processor 20. Thememories may store one or more software programs, instructions, piecesof information, data, and/or the like which may be used by the apparatusfor performing functions of the mobile terminal. For example, thememories may comprise an identifier, such as an international mobileequipment identification, IMEI, code, capable of uniquely identifyingapparatus 10.

While FIG. 2 is described above primarily in the context of a mobiledevice, certain of the components discussed, such as memories,processors and transceivers, can be employed to implement a network-sidedevice.

Without in any way limiting the scope, interpretation, or application ofthe claims appearing below, a technical effect of one or more of theexample embodiments disclosed herein is that smart devices may beenabled to remain in a sleep mode for longer times. Another technicaleffect of one or more of the example embodiments disclosed herein isthat access to data of smart devices is improved. Another technicaleffect of one or more of the example embodiments disclosed herein isthat access to data of smart devices is rendered more reliable.

Embodiments of the present invention may be implemented in software,hardware, application logic or a combination of software, hardware andapplication logic. The software, application logic and/or hardware mayreside on memory 40, the control apparatus 20 or electronic components,for example. In an example embodiment, the application logic, softwareor an instruction set is maintained on any one of various conventionalcomputer-readable media. In the context of this document, a“computer-readable medium” may be any media or means that can contain,store, communicate, propagate or transport the instructions for use byor in connection with an instruction execution system, apparatus, ordevice, such as a computer, with one example of a computer described anddepicted in FIG. 2. A computer-readable medium may comprise acomputer-readable non-transitory storage medium that may be any media ormeans that can contain or store the instructions for use by or inconnection with an instruction execution system, apparatus, or device,such as a computer. The scope of the invention comprises computerprograms configured to cause methods according to embodiments of theinvention to be performed.

If desired, the different functions discussed herein may be performed ina different order and/or concurrently with each other. Furthermore, ifdesired, one or more of the above-described functions may be optional ormay be combined.

Although various aspects of the invention are set out in the independentclaims, other aspects of the invention comprise other combinations offeatures from the described embodiments and/or the dependent claims withthe features of the independent claims, and not solely the combinationsexplicitly set out in the claims.

It is also noted herein that while the above describes exampleembodiments of the invention, these descriptions should not be viewed ina limiting sense. Rather, there are several variations and modificationswhich may be made without departing from the scope of the presentinvention as defined in the appended claims.

1. An apparatus, comprising: at least one processor configured toexecute software stored in a memory comprised in the apparatus, whereinthe software thereby causes the apparatus to at least: retrieve, from anetwork site, a computer executable program; open a first connection toa data source device; open, using the computer executable program, asecond connection to a proxy device to request the proxy device to proxycontent from the data source device, the second connection employing afirst protocol and indicating the network site as a source of thecomputer executable program, and receive from the proxy deviceinformation of the data source device.
 2. The apparatus according toclaim 1, wherein the apparatus is configured to employ cross originresource sharing, CORS, in the second connection.
 3. The apparatusaccording to claim 2, wherein the software comprises an executablescript embedded in the web page.
 4. The apparatus according to claim 1,wherein the first protocol comprises a hypertext transport protocol. 5.The apparatus according to claim 1, wherein the first connectioncomprises at least one of a near-field communications connection, awireless local area network connection and a low-power radio connection.6. The apparatus according to claim 1, wherein the apparatus isconfigured to establish trust and communicate an identifier of the proxydevice over the first connection.
 7. The apparatus according to claim 3,wherein the apparatus is caused to indicate over the second connectionan address of the web page.
 8. A method, comprising: retrieving, from anetwork site, a computer executable program; causing opening of a firstconnection to a data source device; causing opening, using the computerexecutable program, of a second connection to a proxy device to requestthe proxy device to proxy content from the data source device, thesecond connection indicating the network site as a source of thecomputer executable program, and receiving from the proxy deviceinformation of the data source device.
 9. The method according to claim8, wherein the first protocol comprises a hypertext transport protocol.10. The method according to claim 8, wherein the first connectioncomprises at least one of a near-field communications connection, awireless local area network connection and a low-power radio connection.11. The method according to claim 8, further comprising establishingtrust and communicating an identifier of the proxy device over the firstconnection.
 12. (canceled)
 13. An apparatus, comprising: at least oneprocessor; and at least one memory including computer program code, theat least one memory and the computer program code configured to, withthe at least one processor, cause the apparatus to perform at least thefollowing: receive a first message from a data source device, andreceive a second message from a node, the second message comprising anindication of a source of a computer executable program running in thenode.
 14. The apparatus according to claim 13, wherein the first messagecomprises a constrained application protocol registration request. 15.The apparatus according to claim 13, wherein the first message comprisesa credential of the data source device.
 16. The apparatus according toclaim 13, wherein the first message comprises a credential of a webapplication.
 17. The apparatus according to claim 13, wherein the secondmessage uses a cross origin resource sharing mechanism.
 18. Theapparatus according to claim 13, wherein the second message comprisescredentials of at least one of the node and the data source device. 19.The apparatus according to claim 13, wherein the apparatus is furthercaused to assign storage space for resource data of the data sourcedevice.
 20. (canceled)
 21. The apparatus according to claim 13, whereinthe first message comprises a request requesting initialization of astate of the data source device in the apparatus.
 22. A method,comprising: receiving a first message from a data source device, andreceiving a second message from a node, the second message comprising anindication of a source of a computer executable program running in thenode.
 23. The method according to claim 22, wherein the first messagecomprises a constrained application protocol registration request. 24.The method according to claim 22, wherein the first message comprises acredential of the data source device.
 25. The method according to claim22, wherein the first message comprises a credential of a webapplication.
 26. The method according to claim 22, wherein the secondmessage uses a cross origin resource sharing, CORS, mechanism.
 27. Themethod according to claim 22, wherein the second message comprisescredentials of at least one of the node and the data source device.28.-32. (canceled)